DELETE! How Karolin Kruiskamp frees compliance from unnecessary paperwork
“My last migration project involved over 250 documents. If even I struggled to figure out what to use when. There’s no way employees would use it,” says Karolin Kruiskamp, Founder and Lean Compliance Designer at Compleye. She’s on a mission to simplify compliance with her straightforward approach.
“Companies usually come to us when they suddenly need ISO27001 certification to work with a government agency or enterprise client. They don’t know what it is, but they need it fast,” says Karolin. It’s a common challenge for SMEs: while large corporations have dedicated compliance departments, smaller businesses must make do with limited resources and expertise. In discussing the future of compliance and auditing, she outlines her vision for an approach where reduced paperwork actually enhances security.
Drowning in unread documents
The compliance industry faces a core problem: documentation overload. “When I review regulatory requirements, I find that about 80% can be trimmed for SMEs – most of it simply doesn’t apply to them,” Karolin states. This burden is particularly evident in traditional quality management systems. Yet having countless policies, procedures, and forms doesn’t actually protect data.
The challenge multiplies when companies need to juggle multiple compliance frameworks. This paperwork avalanche doesn’t just create bureaucracy; it actively undermines security efforts. As Karolin puts it: “More documentation doesn’t mean better quality or security.”
AI: a real solution or band-aid?
“As compliance officers, we need to better understand how companies implement AI in their operations and products. Do we really grasp what’s happening?” Karolin observes that many struggle with the underlying technology and regulations. “The laws are complex enough – explaining implementation is even harder.”
Her x-ray method makes this practical: “Everyone uses ChatGPT, but each AI system is unique. We need to understand data flows and their purpose. Some systems are closed, others are open.” She believes compliance officers should focus here: “First understand your actual operations, then identify risks, and finally determine where to focus.”
Using AI to speed up compliance? Karolin sees this as treating symptoms. “They create AI tools to summarize documents, hoping to need fewer compliance officers. But why create mountains of documents that no one uses in the first place? Despite all the time and effort invested.” Rather than using AI to tackle document overload, she advocates fixing the underlying system.
De lean compliance revolutie
About Compleye
Compleye reinvents compliance with its lean, agile online platform. Founded in 2018 by Karolin Kruiskamp, the company blends a practical SaaS platform with educational resources and personalized support. This combination helps companies manage compliance independently while receiving guidance when needed. Compleye specializes in B2B SMEs offering technical products or services, with success stories across Pharma, HealthTech, FinTech, and e-Commerce sectors.
Karolin’s approach is different from the traditional compliance approach. “We start by creating a visual ‘X-ray’ with each company,” she explains. This visualization maps data flows and identifies genuine risks. “Compliance requires humility. Simply state what you do, and do it well,” she emphasizes. This lean philosophy focuses on targeted, effective measures instead of endless documentation.
The modern compliance officer
Karolin sees today’s compliance officer as a ‘shield,’ or ‘shit umbrella’ – protecting the organization from unnecessary complexity. “You need someone who can filter out the complicated questions that could derail your business and product.”
This new breed of compliance officer bridges the technical and business worlds, communicating effectively with all stakeholders. “You must translate complex requirements for everyone – the outside world, stakeholders, other compliance officers, and auditors,” Karolin explains.
Over Bram
Ondernemer in de security industrie, kritisch, analytisch en hands-on. Directeur Beyond Products B.V.
Bram begon zijn carrière in de bescherming van vitale infrastructuur voor de Ministeries van BZK, V&J en EZ. Na zijn tijd bij de overheid, werkte Bram bij Securitas met een focus op technologie en innovatie. Sinds 2015 is hij zelfstandig ondernemer, gespecialiseerd in het ontwikkelen en vermarkten van nieuwe innovaties. Hij vervulde interim functies bij Fox-IT, Imbema, en Quinyx AB. Bram is opgeleid aan de Nyenrode Business Universiteit en JADS University.
Bram is sinds 2020 oprichter en directeur van Beyond Products B.V., een strategisch marketingbureau op het gebied van Security en IT. Ook heeft hij het boek Security Innovation Stories geschreven, waaruit dit platform is ontstaan.
Bram zet zich voornamelijk in voor innovatie in cybersecurity, omdat daar volgens hem nog veel te halen valt. In zijn columns beschrijft hij cybersecurity principes en de brug naar innovatie.